<?php
session_start();
unset($_SESSION["user_id"]);
unset($_SESSION["login"]);
?>
<!DOCTYPE html>
<html>
<head>
	<title>Login Page</title>
	<meta charset="UTF-8">
	<title>Login</title>
	<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">

<!-- jQuery library -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>

<!-- Popper JS -->
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script>

<!-- Latest compiled JavaScript -->
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script>
	<style type="text/css">
	    body{ font: 14px sans-serif; }
	    .wrapper{ width: 350px; padding: 20px; }
	</style>
</head>
<body>
	<?php
		include 'header.php';
		require_once 'connect.php';

		$hashed_password = $password = $login = $type =  $password_err = $login_err = '';

		if($_SERVER['REQUEST_METHOD'] == "POST"){

			//validate password
			if(empty(trim($_POST['password']))){
				$password_err = 'Type your password';
			}
			else
			{
				$password = trim($_POST['password']);
			}

			//validate login
			if(empty(trim($_POST['login']))){
				$login_err = 'Type your login ';
			}
			else
			{
				$login = trim($_POST['login']);
			}

			// This DB accepts only unique logins so the procedure is to get hashed pasword 
			// and user type under provided login if any and then compare hashes of typed password 
			// and hashed password from DB.

			//Validate credentials from Database
			if(empty($login_err) && empty($password_err)){

				//Prepare the select statement
				$sql = "SELECT * from users where login= ?;";

				//Prepare statement
				$stmt = $conn->prepare($sql);
				$stmt->bind_param('s',$param_login);
				$param_login = $login;

					if($stmt->execute()){
						$stmt->store_result();

						if($stmt->num_rows == 1){
							$stmt->bind_result($user_id, $login, $type, $hashed_password);
							$stmt->fetch();

							// pasword validation. redirects to different pages depending on user type
							if (password_verify($password, $hashed_password)) {

										session_start();
										$_SESSION['login'] = $login;
										$_SESSION['user_id'] = $user_id;

										
										if($type == "admin"){
											header("Location: admin.php");
										}
										else {
											header("Location: welcome.php");
										}
															
							} else {$password_err = "Please enter correct password!"; }

						} else{ $login_err = "No account found with this login!";}

					} else{ echo "Opps! Some problem connecting to DB! Try again later."; }	

				$stmt->close();
			}			
		}
		$conn->close();
	?>

<div id="login-wrapper">
	<div id="login-form" class="wrapper">
        <h2 class="text-white">Login</h2>
        <p class="text-white">Please fill in your credentials to login.</p>
        <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
            <div class="form-group <?php echo (!empty($login_err)) ? 'has-error' : ''; ?>">
                <label class="text-white">Login name</label>
                <input type="text" name="login"class="form-control" value="<?php echo $login; ?>">
                <span class="help-block"><?php echo $login_err; ?></span>
            </div>    
            <div class="form-group <?php echo (!empty($password_err)) ? 'has-error' : ''; ?>">
                <label class="text-white">Password</label>
                <input type="password" name="password" class="form-control">
                <span class="help-block"><?php echo $password_err; ?></span>
            </div>
            <div class="form-group">
                <input class="btn-max btn-size" type="submit" class="btn btn-primary" value="Login">
            </div>
            <p class="text-white">Don't have an account? <a class="text-white" href="register.php">Sign up now</a>.</p>
        </form>
    </div> 
</div>

</body>
</html>
